CVE-2018-16494

In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. Insecure umask setting was present throughout the Versa servers.

Published: May 26, 2021
Updated: Apr 13, 2023
CVE: CVE-2018-16494
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-668

Affected Software
References

Software	From	Fixed in
versa-networks / versa_operating_system	21.1.0	21.1.1
versa-networks / versa_operating_system	20.2.0	20.2.2
versa-networks / versa_operating_system	-	16.1r2s11

https://hackerone.com/reports/1168191

Vulnerability Database

289,871

CVE-2018-16494